[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jun 16 21:10:33 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd802e00 by security tracker role at 2020-06-16T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2020-14207
+	RESERVED
+CVE-2020-14206
+	RESERVED
+CVE-2020-14205
+	RESERVED
+CVE-2020-14204
+	RESERVED
+CVE-2020-14203
+	RESERVED
+CVE-2020-14202
+	RESERVED
+CVE-2020-14201
+	RESERVED
+CVE-2020-14200
+	RESERVED
+CVE-2020-14199 (BIP-143 in the Bitcoin protocol specification mishandles the signing o ...)
+	TODO: check
+CVE-2020-14198
+	RESERVED
+CVE-2020-14197
+	RESERVED
+CVE-2020-14196
+	RESERVED
+CVE-2020-14195 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
+	TODO: check
+CVE-2020-14194
+	RESERVED
+CVE-2020-14193
+	RESERVED
+CVE-2020-14192
+	RESERVED
+CVE-2020-14191
+	RESERVED
+CVE-2020-14190
+	RESERVED
+CVE-2020-14189
+	RESERVED
+CVE-2020-14188
+	RESERVED
+CVE-2020-14187
+	RESERVED
+CVE-2020-14186
+	RESERVED
+CVE-2020-14185
+	RESERVED
+CVE-2020-14184
+	RESERVED
+CVE-2020-14183
+	RESERVED
+CVE-2020-14182
+	RESERVED
+CVE-2020-14181
+	RESERVED
+CVE-2020-14180
+	RESERVED
+CVE-2020-14179
+	RESERVED
+CVE-2020-14178
+	RESERVED
+CVE-2020-14177
+	RESERVED
+CVE-2020-14176
+	RESERVED
+CVE-2020-14175
+	RESERVED
+CVE-2020-14174
+	RESERVED
+CVE-2020-14173
+	RESERVED
+CVE-2020-14172
+	RESERVED
+CVE-2020-14171
+	RESERVED
+CVE-2020-14170
+	RESERVED
+CVE-2020-14169
+	RESERVED
+CVE-2020-14168
+	RESERVED
+CVE-2020-14167
+	RESERVED
+CVE-2020-14166
+	RESERVED
+CVE-2020-14165
+	RESERVED
+CVE-2020-14164
+	RESERVED
 CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object.c in  ...)
 	NOT-FOR-US: JerryScript
 CVE-2020-14162
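Review bot: CVE-2020-14199 (BIP-143) and CVE-2020-14195 (jackson-databind 2.x before 2.9.10.5) are the only two of the 44 new entries in this hunk that have a published description, and both land as `TODO: check`. They need a manual follow-up that resolves each to a package line or a NOT-FOR-US entry. The jackson-databind description states a fixed version, so it can be compared directly against any packaged version.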
@@ -458,7 +546,7 @@ CVE-2020-13976 (** DISPUTED ** An issue was discovered in DD-WRT through 16214.
 	NOT-FOR-US: DD-WRT
 CVE-2020-13975
 	RESERVED
-CVE-2020-13974 (An issue was discovered in the Linux kernel through 5.7.1. drivers/tty ...)
+CVE-2020-13974 (** DISPUTED ** An issue was discovered in the Linux kernel through 5.7 ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae
 CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls ...)
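Review bot: CVE-2020-13974 now carries `** DISPUTED **` in its description, but the status beneath it is unchanged at `- linux <unfixed>` with only the upstream commit NOTE. Because this is an automatic description sync, a manual follow-up should add a NOTE recording the dispute and confirm that `<unfixed>` is still the intended status for the linux package.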
@@ -1787,8 +1875,8 @@ CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer
 	NOT-FOR-US: Jason2605 AdminPanel
 CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual file ...)
 	NOT-FOR-US: Rejetto HTTP File Server
-CVE-2020-13431
-	RESERVED
+CVE-2020-13431 (I2P before 0.9.46 allows local users to gain privileges via a Trojan h ...)
+	TODO: check
 CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. ...)
 	- grafana <removed>
 	NOTE: https://github.com/grafana/grafana/pull/24539
@@ -3990,8 +4078,8 @@ CVE-2020-12496
 	RESERVED
 CVE-2020-12495
 	RESERVED
-CVE-2020-12494
-	RESERVED
+CVE-2020-12494 (Beckhoff’s TwinCAT RT network driver for Intel 8254x and 8255x i ...)
+	TODO: check
 CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series with vers ...)
 	NOT-FOR-US: SWARCOs CPU LS4000 Series
 CVE-2020-12492
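Review bot: the new description for CVE-2020-12494 contains `Beckhoff’s`, which looks like a UTF-8 right single quotation mark decoded with a single-byte encoding. Check whether data/CVE/list itself holds these bytes or only this mail rendering does. If it is the file, fix the decoding step in the automatic update so imported descriptions stay valid UTF-8.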
@@ -6238,14 +6326,14 @@ CVE-2020-11843
 	RESERVED
 CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream Host In ...)
 	NOT-FOR-US: Micro Focus
-CVE-2020-11841
-	RESERVED
-CVE-2020-11840
-	RESERVED
+CVE-2020-11841 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...)
+	TODO: check
+CVE-2020-11840 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...)
+	TODO: check
 CVE-2020-11839 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logge ...)
 	NOT-FOR-US: Micro Focus
-CVE-2020-11838
-	RESERVED
+CVE-2020-11838 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Manag ...)
+	TODO: check
 CVE-2020-11837
 	RESERVED
 CVE-2020-11836
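Review bot: CVE-2020-11841, CVE-2020-11840 and CVE-2020-11838 are all Micro Focus ArcSight issues and are left at `TODO: check`, while the surrounding context entries CVE-2020-11842 and CVE-2020-11839 are already `NOT-FOR-US: Micro Focus`. Unless there is a reason to treat these three differently, the follow-up triage should give them the same classification.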
@@ -11055,8 +11143,8 @@ CVE-2020-10270
 	RESERVED
 CVE-2020-10269
 	RESERVED
-CVE-2020-10268
-	RESERVED
+CVE-2020-10268 (Critical services for operation can be terminated from windows task ma ...)
+	TODO: check
 CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions (tested o ...)
 	NOT-FOR-US: Universal Robots control box CB
 CVE-2020-10266 (UR+ (Universal Robots+) is a platform of hardware and software compone ...)
@@ -12732,8 +12820,8 @@ CVE-2020-9524 (Cross Site scripting vulnerability on Micro Focus Enterprise Serv
 	NOT-FOR-US: Micro Focus
 CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro Focus ente ...)
 	NOT-FOR-US: Micro Focus
-CVE-2020-9522
-	RESERVED
+CVE-2020-9522 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enter ...)
+	TODO: check
 CVE-2020-9521 (An SQL injection vulnerability was discovered in Micro Focus Service M ...)
 	NOT-FOR-US: Micro Focus
 CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, affecti ...)
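Review bot: CVE-2020-9522 (Micro Focus ArcSight) is added with `TODO: check`, although the adjacent entries CVE-2020-9524, CVE-2020-9523 and CVE-2020-9521 are marked `NOT-FOR-US: Micro Focus`. It should be resolved the same way during triage.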
@@ -13320,8 +13408,8 @@ CVE-2020-9298
 	RESERVED
 CVE-2020-9297
 	RESERVED
-CVE-2020-9296
-	RESERVED
+CVE-2020-9296 (Netflix Conductor uses Java Bean Validation (JSR 380) custom constrain ...)
+	TODO: check
 CVE-2020-9295
 	RESERVED
 CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6 ...)
@@ -15086,14 +15174,14 @@ CVE-2020-8546
 	RESERVED
 CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal. ...)
 	NOT-FOR-US: AIL framework
-CVE-2020-8544
-	RESERVED
-CVE-2020-8543
-	RESERVED
-CVE-2020-8542
-	RESERVED
-CVE-2020-8541
-	RESERVED
+CVE-2020-8544 (OX App Suite through 7.10.3 allows SSRF. ...)
+	TODO: check
+CVE-2020-8543 (OX App Suite through 7.10.3 has Improper Input Validation. ...)
+	TODO: check
+CVE-2020-8542 (OX App Suite through 7.10.3 allows XSS. ...)
+	TODO: check
+CVE-2020-8541 (OX App Suite through 7.10.3 allows XXE attacks. ...)
+	TODO: check
 CVE-2020-8540 (An XML external entity (XXE) vulnerability in Zoho ManageEngine Deskto ...)
 	NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2020-8539
@@ -17565,8 +17653,8 @@ CVE-2020-7494
 	RESERVED
 CVE-2020-7493
 	RESERVED
-CVE-2020-7492
-	RESERVED
+CVE-2020-7492 (A CWE-521: Weak Password Requirements vulnerability exists in the GP-P ...)
+	TODO: check
 CVE-2020-7491
 	RESERVED
 CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designe ...)
@@ -25293,8 +25381,8 @@ CVE-2020-4322
 	RESERVED
 CVE-2020-4321
 	RESERVED
-CVE-2020-4320
-	RESERVED
+CVE-2020-4320 (IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9 ...)
+	TODO: check
 CVE-2020-4319
 	RESERVED
 CVE-2020-4318
@@ -25313,8 +25401,8 @@ CVE-2020-4312 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3
 	NOT-FOR-US: IBM
 CVE-2020-4311 (IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute ar ...)
 	NOT-FOR-US: IBM
-CVE-2020-4310
-	RESERVED
+CVE-2020-4310 (IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are ...)
+	TODO: check
 CVE-2020-4309 (IBM Content Navigator 3.0CD could disclose sensitive information to an ...)
 	NOT-FOR-US: IBM
 CVE-2020-4308
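Review bot: CVE-2020-4310 (IBM MQ and MQ Appliance) gets `TODO: check` here, but the entries around it, CVE-2020-4312, CVE-2020-4311 and CVE-2020-4309, are all `NOT-FOR-US: IBM`. The same marking looks appropriate for this one, and for CVE-2020-4320 (IBM MQ Appliance) in the previous hunk.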
@@ -37517,8 +37605,8 @@ CVE-2019-18616
 	RESERVED
 CVE-2019-18615 (In CloudVision Portal (CVP) for all releases in the 2018.2 Train, unde ...)
 	NOT-FOR-US: CloudVision Portal
-CVE-2019-18614
-	RESERVED
+CVE-2019-18614 (On the Cypress CYW20735 evaluation board, any data that exceeds 384 by ...)
+	TODO: check
 CVE-2019-18613
 	RESERVED
 CVE-2019-18612 (An issue was discovered in the AbuseFilter extension through 1.34 for  ...)
@@ -39302,16 +39390,13 @@ CVE-2020-0237
 	RESERVED
 CVE-2020-0236
 	RESERVED
-CVE-2020-0235
-	RESERVED
+CVE-2020-0235 (In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size ...)
 	NOT-FOR-US: Pixel kernel drivers
-CVE-2020-0234
-	RESERVED
+CVE-2020-0234 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possible ou ...)
 	NOT-FOR-US: Pixel kernel drivers
 CVE-2020-0233 (In main of main.cpp, there is possible memory corruption due to a use  ...)
 	NOT-FOR-US: Android
-CVE-2020-0232
-	RESERVED
+CVE-2020-0232 (Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds  ...)
 	NOT-FOR-US: Pixel kernel drivers
 CVE-2020-0231
 	RESERVED
@@ -39329,8 +39414,7 @@ CVE-2020-0225
 	RESERVED
 CVE-2020-0224
 	RESERVED
-CVE-2020-0223
-	RESERVED
+CVE-2020-0223 (This is an unbounded write into kernel global memory, via a user-contr ...)
 	NOT-FOR-US: Pixel kernel drivers
 CVE-2020-0222
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd802e00079c192d5536c3a74b666f2d36b88697
